Hi Nik,

> dbclient sends "SSH-2.0-dropbear_2018.76\r\n" and kexinit
> cisco sends "SSH-2.0-Cisco-1.25\r\n"
> then cisco waits "ip ssh time-out" seconds and then closes the TCP socket.
>
> my conjecture is that cisco empties its receive buffer after sending the
> identification string and then waits for the lost kexinit.
> To prove my idea I added a sleep() after the first write_packet(), and
> dbclient was able to connect to cisco (ios 12.4 and 15.1).

Yes, it seems some Cisco SSH versions are buggy. Older IOS is possibly OK (I did a bit of investigation about a year ago when someone reported similar).

I'm not keen on changing dbclient, the current implementation saves a network roundtrip. It's perfectly reasonable according to the spec. If you have Cisco support could you report it to them?

Cheers,
Matt

rfc4253:
5.2.  New Client, Old Server

   Since the new client MAY immediately send additional data after its
   identification string (before receiving the server's identification
   string), ...
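
The following is an added example, not part of the original thread and not code from Dropbear or Cisco. It models the conjecture in the quoted message: a reader that keeps the bytes following the identification line sees the KEXINIT, while one that discards them is left waiting. All function names are hypothetical and the client bytes are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 7.1

def name_list(names):
    data = ",".join(names).encode()
    return struct.pack(">I", len(data)) + data

def build_packet(payload, block=8):
    # RFC 4253 section 6: uint32 packet_length, byte padding_length, payload, padding
    pad = block - ((5 + len(payload)) % block)
    if pad < 4:                      # at least four bytes of padding are required
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\0" * pad

def split_ident(buf):
    """Return (ident, rest); bytes after CR LF are kept for the packet layer."""
    line, sep, rest = buf.partition(b"\r\n")
    if not sep:
        return None, buf             # identification line not complete yet
    return line.decode("ascii"), rest

def split_ident_flushing(buf):
    """Models the conjectured behaviour: input after the ident line is discarded."""
    ident, _rest = split_ident(buf)
    return ident, b""

def first_message_type(rest):
    """Type byte of the first complete unencrypted packet in rest, else None."""
    if len(rest) < 5:
        return None
    length, pad = struct.unpack(">IB", rest[:5])
    if len(rest) < 4 + length:
        return None                  # packet not fully received yet
    payload = rest[5:4 + length - pad]
    return payload[0] if payload else None

# Constructed sample: ident plus KEXINIT arriving in one read, as dbclient sends them.
kexinit = (bytes([SSH_MSG_KEXINIT]) + b"\0" * 16      # type + cookie (constructed zeros)
           + name_list(["curve25519-sha256"]) + name_list(["ssh-ed25519"])
           + name_list(["aes128-ctr"]) * 2 + name_list(["hmac-sha2-256"]) * 2
           + name_list(["none"]) * 2 + name_list([]) * 2
           + b"\0" + struct.pack(">I", 0))            # first_kex_packet_follows, reserved
CLIENT_BYTES = b"SSH-2.0-dropbear_2018.76\r\n" + build_packet(kexinit)

def demo():
    ident, rest = split_ident(CLIENT_BYTES)
    _, flushed = split_ident_flushing(CLIENT_BYTES)
    return ident, first_message_type(rest), first_message_type(flushed)

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is `None`: after the flush there is no packet left to parse, which matches the reported wait until "ip ssh time-out" expires.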